Search form

You are here

British, US Spies Use Fake Sites to Spread Spyware

by John Lister on November, 14 2013 at 08:11AM EST

British security staff used bogus copies of the LinkedIn and Slashdot websites to install spyware on tech firm networks, according to leaked documents. They were able to pull off the hacker-like attacks with the help of the National Security Agency.

The claims come from what appears to be a secret presentation from Government Communications Headquarters (GCHQ), the British equivalent to the National Security Agency (NSA).

It seems the documents were made available to the NSA and then leaked by former contractor Edward Snowden. (Source: spiegel.de)

Secretive Agency Targets Telecommunications Firm

According to the leaked documents, GCHQ security staff were attempting to gain access to Belgium's largest telecommunications firm, Belgacom, which is partly state-owned.

They decided to target staff who worked on maintaining the company's network, which they did by tracking down those staff who had accounts on business networking site LinkedIn or tech news site Slashdot.

GCHQ then used a technique developed by the NSA known as Quantum Insert. The technique takes advantage of the fact that the NSA has been able to place its own servers at key points of the Internet.

When activated, these servers can pose as a legitimate website and, because of their physical placement, respond to a request before the genuine site can do so.

The spies then simply sat back and waited until the staff members tried to visit LinkedIn or Slashdot but unwittingly wound up visiting the bogus copy sites and were exposed to spyware.

The goal for GCHQ staff was to install monitoring tools onto GRX routers, devices used for routing cellular data around the world. A Belgacom subsidiary is one of the main operators of GRX routers.

The presentation also revealed that GCHQ used similar tactics to target several "clearinghouse" companies which administer billing for multiple cellphone service providers. The idea here was to get access to call records and related data.

LinkedIn, Slashdot Unaware of Spying

LinkedIn stresses that it knew nothing about the attacks and has not cooperated with government agencies to leak user data. Speaking to the media, it added that, "to date, we have not detected any of the spoofing activity that is being reported."

Of course, if GCHQ staff are using the tactic correctly, there's no reason LinkedIn should be able to detect it. (Source: pcpro.co.uk)

The GCHQ has told Slashdot that it always acts within the law, but does not comment on specific stories.